I have been doing some research on SIEM and SOC, specifically managed SOCs or MSSPs. I see that many of them use ArcSight as their SIEM/Log Management solution.
I personally don't have any experience with ArcSight and am curious how LEM compares against it on a capabilities/features side-by-side. I did read the thread
but am looking for less of a description of LEM but more of a direct comparison matrix. I know that back in the day HP OpenView reigned king in the monitoring world, is ArcSight in that same boat? I haven't been able to see many screenshots or videos of it but what I have seen makes it look like somewhat of a legacy product; at least from a UI perspective.
I am asking about this because we are looking at developing even more security services with LEM as our SIEM/Log Management solution of choice and I need to know how to answer questions when we go up against solutions such as ArcSight.
I am interested in any feedback that anybody may have on this, thanks in advance!